diff options
author | John-Mark Bell <jmb@netsurf-browser.org> | 2023-03-05 18:15:21 +0000 |
---|---|---|
committer | John-Mark Bell <jmb@netsurf-browser.org> | 2023-03-05 21:37:22 +0000 |
commit | a8ff4ab2285150b8805154c1f9281d60626ea4c3 (patch) | |
tree | 158903e6104ce6620fbaf6ac0f68bf0cfc2dcd6e /content | |
parent | b22e61871ccfce6c6bc66130e7c6eed0f89b3386 (diff) | |
download | netsurf-a8ff4ab2285150b8805154c1f9281d60626ea4c3.tar.gz netsurf-a8ff4ab2285150b8805154c1f9281d60626ea4c3.tar.bz2 |
fetchers/curl: tolerate lack of TLS1.3
If we are building against a modern version of libcurl, but it was
built against a version of OpenSSL that does not support TLS1.3,
then attempting to configure TLS1.3 ciphersuites will fail with
CURLE_NOT_BUILT_IN. Tolerate this scenario by treating such a
return code as non-fatal in this case.
Diffstat (limited to 'content')
-rw-r--r-- | content/fetchers/curl.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c index a0c26ae25..1377ec721 100644 --- a/content/fetchers/curl.c +++ b/content/fetchers/curl.c @@ -1792,8 +1792,12 @@ nserror fetch_curl_register(void) * fetch fails with "Unknown cipher in list" */ #if LIBCURL_VERSION_NUM >= 0x073d00 - /* Need libcurl 7.61.0 or later */ - SETOPT(CURLOPT_TLS13_CIPHERS, CIPHER_SUITES); + /* Need libcurl 7.61.0 or later built against OpenSSL with + * TLS1.3 support */ + code = curl_easy_setopt(fetch_blank_curl, + CURLOPT_TLS13_CIPHERS, CIPHER_SUITES); + if (code != CURLE_OK && code != CURLE_NOT_BUILT_IN) + goto curl_easy_setopt_failed; #endif SETOPT(CURLOPT_SSL_CIPHER_LIST, CIPHER_LIST); } |